incubator-jspwiki-user mailing list archives

From Olaf Kock <>
Subject Re: url rewriting supported?
Date Wed, 18 Jun 2008 19:53:24 GMT
Simon Kitching wrote:
> By the way, I don't see cookies as a lot more secure. The cookie text is
> also sent in plain text in both the request and response bodies. There
> aren't many cases where someone can intercept the URL but not the
> cookies. But thanks for the reference to OWASP; I'll have a look at what
> they say about that.


I do get your point with the dev environment and logging in multiple
times. However, even though HTTP transfer is the same for URLs and
cookies, the URL may be transferred for referred images and links to
other sites as the referrer, e.g. the URL of a page that a link was
clicked on.

This is hard to get around correctly and the reason for this setup to be
so unpopular security-wise.
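
The referrer leak described in the message above, as an added example that is not part of the original thread or of JSPWiki's code: given a page URL that carries a `;jsessionid=` path parameter and the URLs that page embeds or links to, it lists the third-party hosts that would receive the session id. The host names, session id and function names are constructed for illustration, and it assumes the browser sends the full page URL as the `Referer`.

```python
import re
from urllib.parse import urlsplit

# Matches the ";jsessionid=..." path parameter that servlet containers append
# when URL rewriting is used for session tracking.
JSESSIONID = re.compile(r";jsessionid=[^?#/;]+", re.IGNORECASE)

def strip_session_id(url):
    """Return the URL with any ;jsessionid path parameter removed."""
    return JSESSIONID.sub("", url)

def referer_leaks(page_url, linked_urls):
    """List the third-party hosts that would receive the session id.

    Assumption: the browser sends the full page URL as Referer,
    which is the behaviour the message describes.
    """
    if not JSESSIONID.search(page_url):
        return []  # cookie-based session: nothing in the URL to leak
    page_host = urlsplit(page_url).hostname
    leaks = []
    for link in linked_urls:
        host = urlsplit(link).hostname
        # Relative links have no host and stay on the same site.
        if host and host != page_host and host not in leaks:
            leaks.append(host)
    return leaks

# Constructed sample data: a wiki page served with URL rewriting and the
# images and links found on it.
PAGE = "http://wiki.example.org/Wiki.jsp;jsessionid=0123456789ABCDEF?page=Main"
LINKS = [
    "/images/logo.png",
    "http://wiki.example.org/Edit.jsp?page=Main",
    "http://images.example.net/badge.png",
    "http://other.example.com/article.html",
    "http://images.example.net/banner.png",
]

if __name__ == "__main__":
    for host in referer_leaks(PAGE, LINKS):
        print(f"{host} would see Referer: {PAGE}")
    print("Safe to log or share:", strip_session_id(PAGE))
```

With cookie-based session tracking the page URL carries no session id, so the same page produces an empty list.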

